Splunk® Common Information Model Add-on

Common Information Model Add-on Manual

This documentation does not apply to the most recent version of Splunk® Common Information Model Add-on. For documentation on the most recent version, go to the latest release.

Install the Splunk Common Information Model Add-on

  1. Download the Common Information Model add-on from Splunkbase at https://apps.splunk.com/app/1621/.
  2. Review the indexes defined in CIM.
    1. The cim_summary index definition is deprecated, but is included for backwards compatibility with upgraded versions of Splunk Enterprise Security and the Splunk App for PCI Compliance.
    2. The cim_modactions index definition is used with the common action model alerts and auditing. Assign the appropriate Roles to search the index.
  3. Install the Splunk Common Information Model Add-on to your search heads only. Installing this add-on to indexers results in redundant data model acceleration overhead if acceleration is enabled.
    Refer to Installing add-ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios:

Next: See Set up the Splunk Common Information Model Add-on to perform optional configurations to improve performance.

Last modified on 06 December, 2018
Overview of the Splunk Common Information Model   Set up the Splunk Common Information Model Add-on

This documentation applies to the following versions of Splunk® Common Information Model Add-on: 4.7.0, 4.8.0, 4.9.0, 4.9.1, 4.10.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters